xen/21331-svm-vintr-during-nmi.patch

# HG changeset patch
# User Keir Fraser <keir.fraser@citrix.com>
# Date 1273256548 -3600
# Node ID bbf009817ffbe15a7cbbda8bddd82640f290ce0c
# Parent  a97ef0eb0b9d520b8b6b97d240771cc27de978e3
svm: Avoid VINTR injection during NMI shadow

It is invalid because we get vmexit via IRET interception in this
case. VINTR is unaware of NMI shadows and may vmexit early, leaving us
in an endless loop of VINTR injections and interceptions.

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

--- a/xen/arch/x86/hvm/svm/intr.c
+++ b/xen/arch/x86/hvm/svm/intr.c
@@ -88,10 +88,21 @@ static void enable_intr_window(struct vc
      * guest can accept the real interrupt.
      *
      * TODO: Better NMI handling. We need a way to skip a MOV SS interrupt
-     * shadow. This is hard to do without hardware support. We should also
-     * track 'NMI blocking' from NMI injection until IRET. This can be done
-     * quite easily in software by intercepting the unblocking IRET.
+     * shadow. This is hard to do without hardware support. Also we should
+     * not be waiting for EFLAGS.IF to become 1.
      */
+
+    /*
+     * NMI-blocking window is handled by IRET interception. We should not
+     * inject a VINTR in this case as VINTR is unaware of NMI-blocking and
+     * hence we can enter an endless loop (VINTR intercept fires, yet
+     * hvm_interrupt_blocked() still indicates NMI-blocking is active, so
+     * we inject a VINTR, ...).
+     */
+    if ( (intack.source == hvm_intsrc_nmi) &&
+         (vmcb->general1_intercepts & GENERAL1_INTERCEPT_IRET) )
+        return;
+
     intr = vmcb->vintr;
     intr.fields.irq     = 1;
     intr.fields.vector  = 0;